Format String Vulnerability in OpenVPN Affects Version 2.0.x from OpenVPN
CVE-2005-3393

Currently unrated

Key Information:

Vendor: Openvpn
Status: Openvpn; Openvpn Access Server
Vendor: CVE Published:; 1 November 2005

Summary

A format string vulnerability exists in the foreign_option function of OpenVPN version 2.0.x, which can be exploited by remote clients. This flaw allows attackers to craft specific input that includes format string specifiers, potentially enabling them to execute arbitrary code within the context of the OpenVPN service. Such an exploit could compromise the integrity and confidentiality of user data, as well as the overall security of the affected system.

References

http://secunia.com/advisories/17447

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/17480

third-party-advisoryx_refsource_SECUNIA

http://openvpn.net/changelog.html

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 1, 2005
Vulnerability Reserved
Nov 1, 2005